31. Patch Management Requires Processes People Technology Products, tools, and automation Consistent and Repeatable Skills, roles, and responsibilities
32. Patch Management Process 1. Assess Environment Tasks A. Baseline of systems B. Assess architecture C. Review configuration D. Discovery and Inventory 1. Assess 2. Identify 4. Deploy 3. Plan 2. Identify Patches Tasks A. Identify new patches B. Patch relevance C. Verify authenticity & integrity 3. Plan Patch Deployment Tasks A. Approval to deploy patch B. Risk assessment C. Plan release process D. Acceptance testing 4. Deploy Tasks A. Distribute & install patch B. Report on progress C. Handle exceptions D. Review deployment
33.
34. Lack of effective Monitoring “… Close to 30% of companies indicated they would not be aware that their core business information had been altered until 12 to 24 hours later and roughly 30% would not be aware of a compromise for more than 2 days .” Source: CIO Magazine
35. Effective Monitoring requires Integrated Process Organization IT SOC SOC Logging 1. Integrated Log File 5. Respond 2. Encrypted Log Data 3. Analysis 6. (Ongoing) Vulnerability Test Pen Test Patching Incidence Response Knowledge 4. Alerting
38. Incidence Response Incident Response Analyse Contain Eliminate Restore Lessons Policy Refine Policy Continuous Monitoring T-1 T 0 T 1 T 1 T 3 T 4 T N Communicate
41. Incident Response Lifecycle New Incident Reported by Analyst Reported by Customer Detected by Event Correlation Helpdesk DATABASE Tracking Number IR0012885 Tracking Number Assigned Progression Through Different Stages/States Security Analyst Automatic Notification/Escalation
Introduction of presentation, speaker, and thank you. Introduction into an updated strategy for eSecurity effective for today’s technologies, and eGovernment environments.